How to keep ransomware attacks away from backups

Since its emergence, the numerous variants of ransomware have wreaked havoc on networks and computers worldwide. By encrypting files and not releasing them until a ransom is paid, ransomware has proven to be especially effective and lucrative for cybercriminals.

Even backups are no longer safe from ransomware. But, with a little knowledge and the right tools in place, ransomware can be kept at arm’s length from both core databases and backups.

The current state of ransomware

In 2015, the Internet Crime Complaint Center (IC3) fielded approximately 2,500 complaints from people in the U.S. regarding ransomware. That means that of the roughly 7,700 ransomware attacks reported to IC3 since 2005, close to 30 percent came in just last year, Business Insider reported. With each ransomware attack bringing in between $200 and $10,000 on average, cybercriminals netted approximately $24 million in 2015.

Between 2014 and 2015, instances of ransomware increased by close to 50 percent, the Los Angeles Times reported. Going into this year, ransomware shows no signs of abating. As the United States Computer Emergency Readiness Team has noted, new ransomware strains like Locky are making the rounds and proving to be even more insidious than CryptoLocker and other, older forms of ransomware.

“The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation,” the FBI noted earlier this year. “And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.”

Why even backups aren’t safe anymore

Previously, one of the most common ways to combat ransomware was to have a full backup ready in the wings. That way, even if a main database was maliciously encrypted, an organization could just turn to backups to get things up and running again. It may not have been an ideal situation – after all, the cybercriminals still have access to mission-critical data that could be leaked, destroyed or sold – but it did ensure that downtime was minimized. Even this last-ditch option, however, is proving to be increasingly ineffective.

More and more, ransomware strains are going after not just main data stores, but backups as well. Newer strains like KeRanger and Samas are designed specifically to go after backups, making them even more destructive than past ransomware strains.

What you can do to lock down your data

For many businesses and individuals, the ransomware situation can certainly appear to be quite dire. If even backups are not a failsafe, then what can be done to protect all data from these kinds of attacks?

The first step in ransomware prevention is education. Knowing not to download unknown email attachments or click the wrong link can go a long way towards ensuring that ransomware never makes it into the network. Limiting access rights to only a select few can help a lot in this regard as well.

Backups are still necessary, but they need to be effectively safeguarded as well. Be sure to back up data early and often, and make sure backups are located in disparate places. Also be sure to test backup recovery efforts consistently, and don’t keep backups on drives that are easily discovered by cybercriminals. Backing up changes incrementally, as opposed to overwriting files during each backup, can help as well.
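The incremental and restore-test advice above, sketched in Python as an added example that is not from the original article: each backup run writes a new snapshot manifest and stores only content it has not seen before, so an earlier version of a file stays restorable after the live copy is replaced. The repository layout (`blobs/`, `snapshots/`), the function names and the sample file are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def backup(source, repo):
    """Add one snapshot to repo; blobs already stored are never overwritten."""
    blobs, snaps = repo / "blobs", repo / "snapshots"
    blobs.mkdir(parents=True, exist_ok=True)
    snaps.mkdir(exist_ok=True)
    manifest = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        digest = _sha256(f)
        if not (blobs / digest).exists():      # only new or changed content is copied
            shutil.copyfile(f, blobs / digest)
        manifest[f.relative_to(source).as_posix()] = digest
    snap = snaps / f"{len(list(snaps.iterdir())):06d}.json"
    snap.write_text(json.dumps(manifest, indent=2))
    return snap

def restore(repo, snapshot, dest):
    """Rebuild the files recorded in one snapshot under dest."""
    manifest = json.loads(snapshot.read_text())
    for rel, digest in manifest.items():
        out = dest / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(repo / "blobs" / digest, out)
    return manifest

def verify_restore(repo, snapshot):
    """Restore test: rebuild the snapshot in a scratch dir and re-hash every file."""
    with tempfile.TemporaryDirectory() as tmp:
        manifest = restore(repo, snapshot, Path(tmp))
        return all(_sha256(Path(tmp) / rel) == d for rel, d in manifest.items())

def demo():
    """Constructed scenario: a file's content is replaced between two backup runs."""
    with tempfile.TemporaryDirectory() as tmp:
        src, repo, out = Path(tmp) / "data", Path(tmp) / "repo", Path(tmp) / "out"
        src.mkdir()
        (src / "report.txt").write_text("quarterly numbers")   # constructed sample file
        first = backup(src, repo)
        (src / "report.txt").write_bytes(b"\x8f\x02\xaa unreadable")  # live copy replaced
        second = backup(src, repo)
        restore(repo, first, out)                               # roll back to the first snapshot
        return (verify_restore(repo, first), verify_restore(repo, second),
                (out / "report.txt").read_text())
```

This covers only the incremental and restore-test points; where the repository lives still has to follow the placement advice above.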

Furthermore, robust endpoint and network gateway protection can help keep computers, workstations, backups and everything else in the network that much safer, as can active patch management.

Ransomware is becoming more insidious seemingly by the day. But by knowing how it often appears, organizations and individuals can mitigate the threat it poses.